Re: Client requesting authentication on server & thomson-httpbis-catch
Mark Nottingham <mnot@mnot.net> Fri, 21 March 2014 01:15 UTC
Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 709161A0833 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 20 Mar 2014 18:15:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.449
X-Spam-Level:
X-Spam-Status: No, score=-7.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Co7FaAw7sUkU for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 20 Mar 2014 18:15:27 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id BE1981A0821 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 20 Mar 2014 18:15:27 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1WQo1b-0008EI-Bc for ietf-http-wg-dist@listhub.w3.org; Fri, 21 Mar 2014 01:13:31 +0000
Resent-Date: Fri, 21 Mar 2014 01:13:31 +0000
Resent-Message-Id: <E1WQo1b-0008EI-Bc@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1WQo1M-0008Cj-Rr for ietf-http-wg@listhub.w3.org; Fri, 21 Mar 2014 01:13:16 +0000
Received: from mxout-07.mxes.net ([216.86.168.182]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1WQo1L-0006ui-Sr for ietf-http-wg@w3.org; Fri, 21 Mar 2014 01:13:16 +0000
Received: from [192.168.1.55] (unknown [118.209.54.174]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id B8CE322E1F4; Thu, 20 Mar 2014 21:12:25 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <74632FC5-6250-45B4-8A90-E280A96423B6@bblfish.net>
Date: Fri, 21 Mar 2014 12:12:31 +1100
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Martin Thomson <martin.thomson@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C2723A44-E086-4BDD-8157-7438E7110661@mnot.net>
References: <EA2F3433-23B1-40A4-8A5B-943FDFEEAB6C@bblfish.net> <74632FC5-6250-45B4-8A90-E280A96423B6@bblfish.net>
To: henry.story@bblfish.net
X-Mailer: Apple Mail (2.1874)
Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net
X-W3C-Hub-Spam-Status: No, score=-3.7
X-W3C-Hub-Spam-Report: AWL=-3.036, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1WQo1L-0006ui-Sr 3b9715c8c9035f94250308409ee891ae
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Client requesting authentication on server & thomson-httpbis-catch
Archived-At: <http://www.w3.org/mid/C2723A44-E086-4BDD-8157-7438E7110661@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/22795
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
On 20 Mar 2014, at 1:42 am, henry.story@bblfish.net wrote: > So presumably here one could extend the current client "Authorization" header to > something like > > Authorization: Certificate > > So I see that new schemes can be registered at > > http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-5.1.2 > https://www.ietf.org/rfc/rfc2617.txt > > This does require server side TLS renegotiation to work, but that's where we are at > present. I think this makes the most sense, in that then you could send Vary: Authorization to indicate that the response varies based upon that header. Might be good to put a hash of the cert into the header... Cheers, -- Mark Nottingham http://www.mnot.net/
- Re: Client requesting authentication on server & … henry.story@bblfish.net
- Client requesting authentication on server & thom… henry.story@bblfish.net
- Re: Client requesting authentication on server & … Mark Nottingham
- Re: Client requesting authentication on server & … henry.story@bblfish.net
- Re: Client requesting authentication on server & … Mark Nottingham
- Re: Client requesting authentication on server & … Amos Jeffries